Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




24.5. Create the /usr/bin/ program file

The openssl ca commands has some strange requirements and the default OpenSSL config doesn't allow one easily to use openssl ca directly. Therefore, well create this program to replace it. Create the program file, touch /usr/bin/ and add to this file:

         ## -- Sign a SSL Certificate Request (CSR)
         ##  Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights Reserved. 
         #   argument line handling
         if [ $# -ne 1 ]; then
         echo "Usage: sign.sign <whatever>.csr"; exit 1
         if [ ! -f $CSR ]; then
         echo "CSR not found: $CSR"; exit 1
         case $CSR in
         *.csr ) CERT="`echo $CSR | sed -e 's/\.csr/.crt/'`" ;;
         * ) CERT="$CSR.crt" ;;
         #   make sure environment exists
         if [ ! -d ca.db.certs ]; then
         mkdir ca.db.certs
         if [ ! -f ca.db.serial ]; then
         echo '01' >ca.db.serial
         if [ ! -f ca.db.index ]; then
         cp /dev/null ca.db.index
         #   create an own SSLeay config
         cat >ca.config <<EOT
         [ ca ]
         default_ca	= CA_own
         [ CA_own ]
         dir	= /etc/ssl
         certs	= /etc/ssl/certs
         new_certs_dir	= /etc/ssl/ca.db.certs
         database	= /etc/ssl/ca.db.index
         serial	= /etc/ssl/ca.db.serial
         RANDFILE	= /etc/ssl/ca.db.rand
         certificate	= /etc/ssl/certs/ca.crt
         private_key	= /etc/ssl/private/ca.key
         default_days	= 365
         default_crl_days	= 30
         default_md	= md5
         preserve	= no
         policy	= policy_anything
         [ policy_anything ]
         countryName	= optional
         stateOrProvinceName	= optional
         localityName	= optional
         organizationName	= optional
         organizationalUnitName	= optional
         commonName	= supplied
         emailAddress	= optional
         #  sign the certificate
         echo "CA signing: $CSR -> $CERT:"
         openssl ca -config ca.config -out $CERT -infiles $CSR
         echo "CA verifying: $CERT <-> CA cert"
         openssl verify -CAfile /etc/ssl/certs/ca.crt $CERT
         #  cleanup after SSLeay 
         rm -f ca.config
         rm -f ca.db.serial.old
         rm -f ca.db.index.old
         #  die gracefully
         exit 0

Now, make this program executable, and change its default permissions:
         [root@deep] /# chmod 755 /usr/bin/

Tip: You can also find this program in the mod_ssl distribution under the mod_ssl-version/pkg.contrib/ subdirectory, or on our floppy.tgz archive file. Also note that the section [ CA_own ] must be changed to refect your own environment and don't forget to change the openssl verify -CAfile /etc/ssl/certs/ca.crt $CERT line too.

  Published under the terms of the Open Publication License Design by Interspire